Back on my issue 
good catch @Nas but useless since we have no IP addresses to ban 
@giacomo @davidep I can catch something interesting in logs when the login is refused (code 400, code 200 is an accepted login)
192.168.xx.xx - - [18/Feb/2016:16:36:37 -0500] "POST /fr-FR/Login.json HTTP/1.1" 400 1055can we play with this or we might have something better to eat...something like ribs and beers